Cybersecurity experts at NordVPN are warning that some travel apps request more access than they need to, making them excessively privacy-unfriendly. Applications such as AirBnB, Booking, or FlightRadar24 have been ‘flagged’ as being among the most privacy-unfriendly, with more than 28% of permissions to access device functions requested being completely unrelated to their performance.
It is well known that today, a person’s interests and information stored on their devices can be highly lucrative, and the exponential increase in the collection of consumer data is only being matched by the rising concerns of consumers.
Only recently, the Identity Theft Resource Center (ITRC), a national non-profit organisation set up to minimise the risk and mitigate the impact of identity compromise, announced that the number of data breach victims in Q2 2024 had increased by a staggering 1,170%.
Providing data to third parties has been made far too simple while keeping that data safe seems less so. That’s why limiting the information apps can access about you to the bare minimum makes common sense.
Almost everyone reading this will have experienced being asked to agree to usage terms and conditions, and the developers know that the vast majority will, with barely a second thought, click ‘agree’ rather than subject themselves to reading pages of confusing legal wording, wasting valuable time.
Some large tech companies have realised that a line has been crossed, and bad press is forcing them to make specific changes in how they operate. However, those making changes are few and far between. Fortunately, companies such as NordVPN, Malwarebytes, etc., are sharing their expertise and making their concerns known.
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said, “Travel apps are among the most eager to request access to devices’ functions that are not needed for their performance. Collected data could be used against the user’s interests and lead to privacy issues that are way more serious than targeted ads. Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ even if a well-known and trustworthy travelling service provider develops the app.”
According to cybersecurity and privacy researchers, on average, one travel mobile app asks for almost 23 device permissions, including access to your travel location or photos and videos. More than 6 of the permissions are unnecessary for the application’s functionality.
Moreover, the travel apps category requests more special, dangerous, and biometric permissions than the average, as these permissions deal with highly sensitive or personal information and system-critical processes. Travel apps request an average of 9 special, dangerous, and biometric permissions, while most apps from all categories request more than seven permissions on average.
How to protect your privacy on travel apps
To protect your privacy on your vacation, Adrianus Warmenhoven has suggested the following preventive measures:
Download from official stores. Unofficial app stores will only sometimes have systems to check whether an app is safe before it’s published and available to download. In addition, obtaining a travel app from an unofficial source increases the risk of it being modified by criminals.
Read the app’s privacy policy before downloading. Check what information the travel app will track and what it will share with third parties. If you’re not happy with the level of privacy, use the webpage to use services rather than downloading an app.
Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions, turn off the ones you don’t want or need, and consider deleting the apps that ask for too many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.
One of the most common “no-nos” made by users is automatically agreeing to sign in with social network accounts. You shouldn’t do this because by logging into an app with your social media account, you will potentially be allowing it to collect information from the account and vice versa.
Finally, a good rule of thumb is to delete the apps you don’t use. If an app sits unused on your screen and you’re not using it anymore, delete it. What should concern all users is that, based on the permissions you initially granted or agreed to, it could still be collecting data on you even if you’re not using it.